All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Error: No service named HidServ was found to stop!
Service\Driver key HidServ not found.
File C:\WINDOWS\System32\hidserv.dll File not found not found.
Error: No service named 0215261282939740mcinstcleanup) McAfee Application Installer Cleanup (0215261282939740 was found to stop!
Service\Driver key 0215261282939740mcinstcleanup) McAfee Application Installer Cleanup (0215261282939740 not found.
File C:\DOCUME~1\Vojta\LOCALS~1\Temp\021526~1.EXE File not found not found.
Error: No service named pccsmcfd was found to stop!
Service\Driver key pccsmcfd not found.
File C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys File not found not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Extensions Off Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Security Risk Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ not found.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder c:\windows\Tasks\*.job not found.
File\Folder C:\*.tmp not found.
C:\WINDOWS\tasks\SA.DAT moved successfully.
File\Folder C:\Documents and Settings\Vojta\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini not found.
========== REGISTRY ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Lenka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Vojta
->Temp folder emptied: 1706861 bytes
->Temporary Internet Files folder emptied: 3202449 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 511 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 113518 bytes
Total Files Cleaned = 5,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: Lenka
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: Vojta
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.10.0 log created on 08282010_121640
Files\Folders moved on Reboot...
C:\Documents and Settings\Vojta\Local Settings\Temp\Google Toolbar\GoogleToolbarWelcome.log moved successfully.
File\Folder C:\Documents and Settings\Vojta\Local Settings\Temp\~DF3F6E.tmp not found!
File\Folder C:\Documents and Settings\Vojta\Local Settings\Temp\~DF3F80.tmp not found!
C:\Documents and Settings\Vojta\Local Settings\Temp\~DF68C9.tmp moved successfully.
C:\Documents and Settings\Vojta\Local Settings\Temporary Internet Files\Content.IE5\G2JPEKSH\ads[1].htm moved successfully.
C:\Documents and Settings\Vojta\Local Settings\Temporary Internet Files\Content.IE5\ETVF441G\ads[1].htm moved successfully.
C:\Documents and Settings\Vojta\Local Settings\Temporary Internet Files\Content.IE5\ETVF441G\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Vojta\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_514.dat moved successfully.
Registry entries deleted on Reboot...
Log from VirusTotal:
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: Nvflashl.dll
Submission date: 2010-08-28 09:26:20 (UTC)
Current status: queued (#20) queued analysing finished
Result: 0/ 41 (0.0%)
Antivirus Version Last Update Result
AhnLab-V3 2010.08.28.00 2010.08.28 -
AntiVir 8.2.4.46 2010.08.27 -
Antiy-AVL 2.0.3.7 2010.08.26 -
Authentium 5.2.0.5 2010.08.28 -
Avast 4.8.1351.0 2010.08.27 -
Avast5 5.0.594.0 2010.08.27 -
AVG 9.0.0.851 2010.08.27 -
BitDefender 7.2 2010.08.28 -
CAT-QuickHeal 11.00 2010.08.28 -
ClamAV 0.96.2.0-git 2010.08.27 -
Comodo 5884 2010.08.28 -
DrWeb 5.0.2.03300 2010.08.28 -
Emsisoft 5.0.0.37 2010.08.28 -
eSafe 7.0.17.0 2010.08.26 -
eTrust-Vet 36.1.7823 2010.08.27 -
F-Prot 4.6.1.107 2010.08.28 -
F-Secure 9.0.15370.0 2010.08.28 -
Fortinet 4.1.143.0 2010.08.26 -
GData 21 2010.08.28 -
Ikarus T3.1.1.88.0 2010.08.28 -
Jiangmin 13.0.900 2010.08.28 -
Kaspersky 7.0.0.125 2010.08.28 -
McAfee 5.400.0.1158 2010.08.28 -
McAfee-GW-Edition 2010.1B 2010.08.27 -
Microsoft 1.6103 2010.08.28 -
NOD32 5403 2010.08.27 -
Norman 6.05.11 2010.08.28 -
nProtect 2010-08-28.01 2010.08.28 -
Panda 10.0.2.7 2010.08.27 -
PCTools 7.0.3.5 2010.08.28 -
Prevx 3.0 2010.08.28 -
Rising 22.62.05.03 2010.08.28 -
Sophos 4.56.0 2010.08.28 -
Sunbelt 6805 2010.08.28 -
SUPERAntiSpyware 4.40.0.1006 2010.08.28 -
Symantec 20101.1.1.7 2010.08.28 -
TheHacker 6.5.2.1.356 2010.08.26 -
TrendMicro 9.120.0.1004 2010.08.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.28 -
ViRobot 2010.8.28.4012 2010.08.28 -
VirusBuster 5.0.27.0 2010.08.27 -
Additional information
MD5 : 002c191c34378f7ef9f67b6944297833
SHA1 : 21cce2aaf07f63f01d3a7edc493bc623a93f3e53
SHA256: 86a2f3fdadfd1f704e614f623c0b44092e4b01ffc2a427141be95e17e99e6f2a
ssdeep: 1536:J8JTcLXTc/fIZAqLu75f9IF14wEEGrGpH5CQ+wAEOKEraLEZgTAUscHn:Jo3nq8QbJEmHA
Y5OKEeIqTAbcH
File size : 122880 bytes
First seen: 2009-12-31 22:50:29
Last seen : 2010-08-28 09:26:20
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....:
copyright....: Copyright (C) 2001
product......: nvflashl Dynamic Link Library
description..: nvflashl DLL
original name: nvflashl.DLL
internal name: nvflashl
file version.: 1, 0, 0, 1
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: Armadillo v1.xx - v2.xx
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x40B7
timedatestamp....: 0x3B9F1A76 (Wed Sep 12 08:19:02 2001)
machinetype......: 0x14c (I386)
[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x10176, 0x11000, 6.42, 56938c35224fc60dd444311cae19e98e
.rdata, 0x12000, 0x3A6F, 0x4000, 4.62, bd478303e8bf28a3d42083c67a0036d4
.data, 0x16000, 0x19AE4, 0x3000, 3.92, 7a844bb2a2ea240173767487db1c97a4
.rsrc, 0x30000, 0x1C98, 0x2000, 4.56, 990773d360f21d1db41b938696ec40aa
.reloc, 0x32000, 0x29C0, 0x3000, 3.92, ea0a9e66b95ed8d6d437fef9b422737d
[[ 6 import(s) ]]
KERNEL32.dll: GetCPInfo, GetOEMCP, HeapFree, HeapAlloc, GetCommandLineA, ExitProcess, TerminateProcess, RaiseException, HeapSize, HeapReAlloc, GetACP, HeapDestroy, HeapCreate, VirtualFree, RtlUnwind, GetProcAddress, WideCharToMultiByte, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetUnhandledExceptionFilter, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetStdHandle, IsBadReadPtr, IsBadCodePtr, CloseHandle, GetModuleFileNameA, GlobalLock, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, lstrcmpiA, SetEndOfFile, SetFilePointer, FlushFileBuffers, GetCurrentProcess, WriteFile, ReadFile, LoadLibraryA, GetProcessVersion, FreeLibrary, GlobalAddAtomA, GlobalGetAtomNameA, GetModuleHandleA, GlobalFindAtomA, GetLastError, SetHandleCount, MultiByteToWideChar, SetLastError, GetCurrentThread, GetCurrentThreadId, GetStdHandle, InterlockedIncrement, DeviceIoControl, WritePrivateProfileStringA, GlobalFlags, GetVersion, lstrlenA, lstrcpynA, lstrcpyA, lstrcatA, SetErrorMode, InterlockedDecrement, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, GlobalUnlock, GlobalFree, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalFree, LocalAlloc, GetFileType, GetStartupInfoA, VirtualAlloc, IsBadWritePtr, CreateFileA
USER32.dll: RegisterWindowMessageA, SetForegroundWindow, GetForegroundWindow, GetMessagePos, GetMessageTime, RemovePropA, CallWindowProcA, GetPropA, SetPropA, GetClassLongA, CreateWindowExA, DestroyWindow, DefWindowProcA, GetMenuItemID, GetSubMenu, GetMenu, RegisterClassA, GetClassInfoA, WinHelpA, GetCapture, GetTopWindow, CopyRect, GetClientRect, AdjustWindowRectEx, GetSysColor, MapWindowPoints, LoadIconA, GetSysColorBrush, LoadStringA, DestroyMenu, GetWindowPlacement, GetSystemMetrics, SetFocus, ShowWindow, SetWindowPos, SetWindowLongA, SystemParametersInfoA, IsIconic, GetDlgItem, GrayStringA, DrawTextA, TabbedTextOutA, ReleaseDC, GetDC, GetMenuItemCount, wsprintfA, GetWindowTextA, SetWindowTextA, GetWindow, GetDlgCtrlID, GetClassNameA, UnregisterClassA, UnhookWindowsHookEx, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, PeekMessageA, GetCursorPos, SetWindowsHookExA, GetParent, GetLastActivePopup, IsWindowEnabled, GetWindowLongA, EnableWindow, SendMessageA, PostMessageA, PostQuitMessage, LoadCursorA, SetCursor, MessageBoxA, GetWindowRect, PtInRect, ClientToScreen
GDI32.dll: DeleteObject, SaveDC, RestoreDC, SelectObject, GetStockObject, SetBkColor, SetTextColor, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, GetClipBox, GetDeviceCaps, PtVisible, RectVisible, ExtTextOutA, Escape, TextOutA, GetObjectA, CreateBitmap, DeleteDC
WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter
ADVAPI32.dll: RegOpenKeyExA, RegSetValueExA, RegCloseKey, RegCreateKeyExA
COMCTL32.dll: -
[[ 5 export(s) ]]
CopyROM, GetVGAInfo, VGAFlash, WriteProtect, WriteUnprotect